Can Messenger Connect APIs work with Live@Edu SSO?

  • Question

  • Hi All,

    Thank you for taking the time to read this.

    Please advise on the following:

    Currently my company's site has Single Sign On via Live@Edu and we need to reuse the SSO but to develop Instant Messaging features. Please advise if the new Messenger Connect APIs can work with Live@Edu SSO.

    Thank you

    Regards

    Thursday, July 15, 2010 4:37 AM

Answers

  • Hello,

    Messenger Connect can work very well with Live@Edu, but the exact experience will depend on your Live@edu integration. As part of your integration with Windows Live, when a user signs into your site, your identity system can call to Windows Live ID to get a Windows Live authentication token for the user as well. If your site hits login.live.com with that token in the same browser session, the user is authenticated to Windows Live in the browser as well. They then have single sign-on into Windows Live properties.

    If your site has integrated with the web Messenger offering in Messenger Connect, the sign-in dialogue for Messenger Connect will detect if there is a user signed into Windows Live. If so, this user will still have to see the Messenger Connect dialogue in order to consent for their Messenger data to be shown on your company's site, but they will not have to retype their username or password.

    Sarah
    Thursday, July 15, 2010 8:59 PM

All replies

  • Thanks Sarah,

    I'm currently waiting for my client ID and secret key and will get to try it out.

    Again, thanks

    Friday, July 16, 2010 6:40 AM
  • Hello,

    Messenger Connect can work very well with Live@Edu, but the exact experience will depend on your Live@edu integration. As part of your integration with Windows Live, when a user signs into your site, your identity system can call to Windows Live ID to get a Windows Live authentication token for the user as well. If your site hits login.live.com with that token in the same browser session, the user is authenticated to Windows Live in the browser as well. They then have single sign-on into Windows Live properties.


    Sarah

    Hi Sarah,

    Would this work with Live@edu SSO and using Exchange Web Services as well? We are using the standard SSO toolkit to get a short-lived-token which we currently use in a redirect to the Live@edu service. Can that token be used somehow to provide authentication for an EWS call to get inbox details (for instance)? If so, what does "If your site hits login.live.com with that token in the same browser session" actually mean - do we have to add the SLT to the session, or as a cookie? Any help much appreciated...

    Thursday, January 6, 2011 5:05 PM
  • This is probably too late for the question originator, but for posterity purposes I'll try to respond to this thread.


    Exchange Web Services (EWS) is exposed as a managed .NET API (version current as of November 2011: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=13480). It can rely on either individual authentication by the user (user credentials are supplied to the API by the developer) or it can be configured to perform 'application impersonation', where one of the accounts is granted the right (assigned to a predefined role) to perform impersonation on behalf of the user. In any case, EWS is not aware of, nor does it need to have, LiveID token(s). There is a lot of documentation available for EWS, as it is widely used for on-premise Exchange-centric applications/calls. So to answer PaulPhillips's question directly: No, EWS is not configured to consume a Live ID token directly via the exposed managed APIs. On the other hand, the Live ID SSO Kit provides generic access to ANY Live ID consuming service, with no difference between individual services; it can be Outlook Live Exchange Online, Hotmail, SkyDrive, etc.
    The primary purpose of EWS is to provide _content manipulation_ within the user's mailbox. Think creation/modification/deletion of email messages, calendar items, tasks, etc. It is not designed to expose OWA to the user, but rather is used by OWA (or any other custom UI) to actually operate on the content of the user's mailbox.
    The primary purpose of Live ID SSO is to provide access to Live ID consuming applications. The fact that the Live@edu hosted Outlook Live Exchange instance uses Live ID to authenticate the end user makes Live ID SSO capable of reaching the Exchange resources on the level of normal user interaction, yet it is not designed to manipulate the actual content of a mailbox, nor does it really care which service consumed the issued token.
    I hope that helped more than it muddied the waters.

    This posting is provided "AS IS" with no warranties, and confers no rights.


    Dmitry Kazantsev | Schakra, Inc
    Wednesday, November 2, 2011 8:22 PM
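
The two EWS authentication options described in the last reply, shown as an added example (not code from any participant in this thread or from Microsoft). It uses the EWS Managed API; the environment variable names and the `student@example.edu` mailbox are placeholders assumed for illustration.

```csharp
using System;
using Microsoft.Exchange.WebServices.Data;

static class EwsInboxExample
{
    // Hypothetical helper: read a secret from the environment, never from source.
    static string Env(string name)
    {
        string value = Environment.GetEnvironmentVariable(name);
        if (string.IsNullOrEmpty(value))
            throw new InvalidOperationException("Missing setting: " + name);
        return value;
    }

    // Binds an ExchangeService to the account whose credentials are supplied.
    // EWS authenticates with account credentials; the Live ID SSO
    // short-lived token is not passed to it anywhere.
    static ExchangeService Connect(string account, string password)
    {
        var service = new ExchangeService(ExchangeVersion.Exchange2010_SP1);
        service.Credentials = new WebCredentials(account, password);
        // Follow Autodiscover redirects only when they stay on HTTPS.
        service.AutodiscoverUrl(account,
            url => new Uri(url).Scheme == Uri.UriSchemeHttps);
        return service;
    }

    static void PrintInbox(ExchangeService service, int count)
    {
        FindItemsResults<Item> items =
            service.FindItems(WellKnownFolderName.Inbox, new ItemView(count));
        foreach (Item item in items)
            Console.WriteLine("{0:u}  {1}", item.DateTimeReceived, item.Subject);
    }

    static void Main()
    {
        // Option 1: individual authentication with the user's own credentials.
        PrintInbox(Connect(Env("EWS_USER"), Env("EWS_USER_PASSWORD")), 10);

        // Option 2: application impersonation. The service account must hold
        // the predefined impersonation role (ApplicationImpersonation in
        // Exchange RBAC); scope that role assignment as narrowly as possible.
        ExchangeService svc =
            Connect(Env("EWS_SERVICE_ACCOUNT"), Env("EWS_SERVICE_PASSWORD"));
        svc.ImpersonatedUserId = new ImpersonatedUserId(
            ConnectingIdType.SmtpAddress, "student@example.edu"); // placeholder
        PrintInbox(svc, 10);
    }
}
```

An account holding the impersonation role can act as every mailbox in its scope, so its credentials warrant the same protection as an administrator's.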